Cybersecurity firm says North Korean hackers may be targeting utilities

Dive Brief:

Cybersecurity firm Dragos has seen a rise in targeted attempts to infiltrate utility systems, according to a report in The Daily Beast. The group behind them, "Covellite," may be linked to North Korea.

Dragos' review of 2017 also notes that hackers are getting more sophisticated and more dangerous to industry. Malware is increasingly being used to target industrial control systems, though with limited success so far.

Last year, Dragos tracked 163 vulnerability advisories with an industrial control system (ICS) impact. The majority of these, however, could only be taken advantage of if the hacker had access to plant control systems.

Dive Insight:

Dragos' new research is a mixed bag for the utility industry. Increasingly, hackers and malware are targeting industrial systems and utilities, but thus far have had only marginal success, particularly in the United States. And most of the vulnerabilities would require gaining access to plant control systems.

Of those 163 ICS-related vulnerabilities, 85% are late in the "kill chain" and "are not useful to gaining an initial foothold," Dragos reports.

"If these vulnerabilities are exploited, it is likely the adversary has been active in the network for some time and already pivoted through various other systems."

But a spike in spear phishing — targeted attacks sent via email — is reason for concern. The Daily Beast spoke with Dragos analyst Reid Wightman, who said the Covellite group is using techniques similar to those of the Lazarus Group, which has been tied to North Korea. Utilities targeted have been in the United States, Europe and part of East Asia.

The Wall Street Journal brings up a more familiar name — Schneider Electric. Hackers last year were able to penetrate the safety systems of a petrochemical plant in Saudi Arabia in part by taking advantage of an older device made by Schneider. But perhaps the most well-known utility hack was the successful 2015 attack on Ukraine's grid, which caused widespread blackouts and raised fears that the U.S. could be vulnerable to a similar attack.

A report from Accenture last year found almost two-thirds of utility executives globally believe their country faces at least a moderate risk of a cyberattack on the electric grid in the next five years. In North America alone, the number who say an attack is likely rises to 76%. In Utility Dive's latest survey of utility professionals, respondents listed cybersecurity as a top concern, a recurrent theme from past surveys.